In a security alert posted on its website on January 31, the South Korean Computer Emergency Response Team (KR-CERT) warned of a zero-day vulnerability in Adobe Flash Player that could be maliciously exploited. The vulnerability, CVE-2018-4878, is a critical remote code execution flaw that could be exploited by convincing or luring a user to open Microsoft Office documents, web pages, or spam emails containing a malicious Flash file (detected by Trend Micro as SWF_EXPLOYT.BL). Adobe has released an update addressing this vulnerability, which can be found on their security updates page.

While the vulnerability itself is not unusual in terms of how it is exploited, what is particularly noteworthy is that it is already being exploited in the wild. Security researcher Simon Choi tweeted on February 2, 2018 that the vulnerability was being used by North Korean hackers to attack South Korean targets researching North Korean topics. According to Choi, these attacks have been ongoing since November 2017.

Adobe has already acknowledged the existence of the vulnerability in a bulletin (APSA18-01) posted on their website. According to the bulletin, the company is aware of reports of CVE-2018-4878 exploits, as well as of their use in limited, targeted attacks against Windows users.

The affected product versions include 28.0.0.137 and earlier versions of the following:

KR-CERT provides good recommendations for minimizing the risk of being targeted by cybercriminals looking to exploit CVE-2018-4878. In addition to removing Flash Player while waiting for official updates, they also recommend enabling Protected View in Microsoft Office programs, which opens potentially unsafe files in read-only mode.
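A host-side check for the two mitigations just described, written as an added example for this article (not KR-CERT's or Trend Micro's code); the registry paths and value names are assumptions drawn from vendor documentation and should be confirmed against the Flash and Office builds in your environment.

```powershell
# Added example, not from the original article: audit a Windows host for Flash Player
# builds affected by CVE-2018-4878 and for Office Protected View being switched off.
# Registry paths and value names are assumptions taken from Adobe and Microsoft
# documentation; confirm them against the Flash and Office builds you actually run.

$AffectedMax = [version]'28.0.0.137'   # highest build the advisory lists as affected

function Get-FlashPlayerStatus {
    # Flash records its version as "28,0,0,137" (commas); convert to [version] to compare.
    $components = @{
        'ActiveX (IE, Office)'    = 'HKLM:\SOFTWARE\Macromedia\FlashPlayerActiveX'
        'NPAPI plugin (Firefox)'  = 'HKLM:\SOFTWARE\Macromedia\FlashPlayerPlugin'
        'PPAPI plugin (Chromium)' = 'HKLM:\SOFTWARE\Macromedia\FlashPlayerPepper'
    }
    foreach ($name in $components.Keys) {
        $raw = (Get-ItemProperty -Path $components[$name] -Name Version -ErrorAction SilentlyContinue).Version
        if (-not $raw) { continue }   # component not installed: nothing to report
        $ver = [version]($raw -replace ',', '.')
        [pscustomobject]@{
            Component  = $name
            Version    = $ver
            Vulnerable = ($ver -le $AffectedMax)   # 28.0.0.137 and earlier are affected
        }
    }
}

function Get-ProtectedViewStatus {
    # Office stores Protected View as "Disable..." flags; a value of 1 means that file
    # source is NOT opened read-only. "DisableAttachementsInPV" is Microsoft's own spelling.
    $flags = 'DisableInternetFilesInPV', 'DisableUnsafeLocationsInPV', 'DisableAttachementsInPV'
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        foreach ($office in '16.0', '15.0') {
            # Group Policy hive is checked first because it overrides the per-user setting.
            $hives = "HKCU:\Software\Policies\Microsoft\Office\$office\$app\Security\ProtectedView",
                     "HKCU:\Software\Microsoft\Office\$office\$app\Security\ProtectedView"
            foreach ($flag in $flags) {
                $value = 0   # absent value means the default: Protected View enabled
                foreach ($hive in $hives) {
                    $p = Get-ItemProperty -Path $hive -Name $flag -ErrorAction SilentlyContinue
                    if ($p) { $value = $p.$flag; break }
                }
                [pscustomobject]@{ App = $app; Office = $office; Setting = $flag; ProtectedViewOff = ($value -eq 1) }
            }
        }
    }
}

Get-FlashPlayerStatus   | Format-Table -AutoSize
Get-ProtectedViewStatus | Where-Object ProtectedViewOff | Format-Table -AutoSize
```

Any row with Vulnerable set to True, or any Protected View flag reported as off, is a host that still needs the KR-CERT mitigations applied.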

Exploiting vulnerabilities is one of the most common attack methods cybercriminals use to target their victims. The WannaCry outbreak in May 2017, perhaps the most notorious malware attack of the last few years, resulted from exploiting the EternalBlue vulnerability. To address these vulnerabilities, companies will often release security updates or patches within a short amount of time. However, unless these updates are automated, it is up to the users to apply them to their systems and devices. Thus, users are highly encouraged to keep both their hardware and software updated to the latest versions. For larger organizations, however, patching can be difficult and time-consuming, often due to a lack of resources or software incompatibility – leading to a delay or “lag” in patching. For situations such as this, virtual patching can help bridge the gap between the vulnerable unpatched period and the actual implementation of updates.

Given the use of spam and lure documents as part of malware infection routines, users should also be aware of the different phishing and social engineering techniques cybercriminals use in their attacks. Suspicious links and attachments are red flags that the incoming message is malicious in nature.
